Feeds

Hacking attacks can turn off heart monitors

Lock up your grannies

Beginner's guide to SSL certificates

American researchers have proven it's possible to maliciously turn off individuals' heart monitors through a wireless hacking attack.

Many thousands of people across the world have the monitors, medically known as implantable cardiac defibrillators (ICDs), installed to help their hearts beat regularly.

ICDs treat abnormal heart conditions; more recent models also incorporate the abilities of a Pacemaker. Their function is to speed up a heartbeat which is too slow, or to deliver an electrical shock to a heart which is beating too quickly.

According to the research (pdf) by the Medical Device Security Center - which is backed by the Harvard Medical School among others - hackers would be able to intercept medical information on the patient, turn off the device, or, even worse, deliver an unnecessary electrical shock to the patient.

The hack takes advantage of the fact the ICD possesses a radio which is designed to allow reprogramming by a hospital doctor. The ICD's radio signals are not encrypted, the Security Center said.

The Security Center demonstrated the hack on an ICD made by Medtronic using a PC, radio hardware and an antenna. The ICD was not in a patient at the time. The research is detailed in a report released today.

The report reveals that a hacker could "render the ICD incapable of responding to dangerous cardiac events. A malicious person could also make the ICD deliver a shock that could induce ventricular fibrillation, a potentially lethal arrhythmia."

The Security Center says manufacturers of ICDs could implement several measures to prevent the threat. These include making the IMD produce an audible alert when an unauthorised party tries to communicate with their IMD. It also suggests employing cryptography to provide secure authentication for doctors.

The researchers added that the risk facing patients is negligible. "We believe the risk to patients is low and that patients should not be alarmed," it said in the report.

"We do not know of a single case where an IMD patient has ever been harmed by a malicious security attack."

It added that hackers would need to be physically close to their intended victim and would need sophisticated equipment. The kit used in the demoed attack cost $30,000.

The researchers omitted their methodology from the paper to help prevent such an attack ever happening, they said.

Medtronic said the chance of such an attack is "extremely low". Future versions of its IMDs, which will send radio signals ten metres, will incorporate stronger security, it told the Associated Press. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
SMASH the Bash bug! Red Hat, Apple scramble for patch batches
'Applying multiple security updates is extremely difficult'
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.